source: vbox/trunk/src/VBox/Runtime/common/crypto/x509-create-sign.cpp@ 104572

Last change on this file since 104572 was 104572, checked in by vboxsync, 7 months ago

Library fix for making TLS default and auto-generating a certificate - bugref:10310

1/* $Id: x509-create-sign.cpp 104572 2024-05-10 06:26:50Z vboxsync $ */
2/** @file
3 * IPRT - Crypto - X.509, Certificate Creation and Signing.
4 */
5
6/*
7 * Copyright (C) 2006-2023 Oracle and/or its affiliates.
8 *
9 * This file is part of VirtualBox base platform packages, as
10 * available from https://www.virtualbox.org.
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation, in version 3 of the
15 * License.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, see <https://www.gnu.org/licenses>.
24 *
25 * The contents of this file may alternatively be used under the terms
26 * of the Common Development and Distribution License Version 1.0
27 * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
28 * in the VirtualBox distribution, in which case the provisions of the
29 * CDDL are applicable instead of those of the GPL.
30 *
31 * You may elect to license modified versions of this file under the
32 * terms and conditions of either the GPL or the CDDL or both.
33 *
34 * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
35 */
36
37
38/*********************************************************************************************************************************
39* Header Files *
40*********************************************************************************************************************************/
41
42# if defined(RT_OS_WINDOWS) || defined(RT_OS_OS2)
43# include <io.h>
44# endif
45
46#include <iprt/file.h>
47#include "internal/iprt.h"
48#include <iprt/crypto/x509.h>
49
50# ifdef _MSC_VER
51# define IPRT_COMPILER_VCC_WITH_C_INIT_TERM_SECTIONS
52# include "internal/compiler-vcc.h"
53# endif
54
55#include <fcntl.h>
56#include <iprt/err.h>
57#include <iprt/string.h>
58
59#ifdef IPRT_WITH_OPENSSL
# include <openssl/bio.h>
# include <openssl/bn.h>
# include <openssl/evp.h>
# include <openssl/pem.h>
# include <openssl/rsa.h>
# include <openssl/x509.h>
64
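/**
 * Generates a fresh RSA key pair of @a cBits bits.
 *
 * @returns New key owned by the caller (release with EVP_PKEY_free), or NULL
 *          if key generation failed.
 * @param   cBits   RSA modulus size in bits.
 */
static EVP_PKEY *rtCrX509GenerateRsaKey(unsigned cBits)
{
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) /* OpenSSL 3 */
    return EVP_RSA_gen(cBits);
#else
    /* Pre-3.0: RSA_generate_key() is deprecated; use the _ex variant with an explicit exponent. */
    EVP_PKEY *pKey = NULL;
    BIGNUM   *pExp = BN_new();
    RSA      *pRsa = RSA_new();
    if (   pExp
        && pRsa
        && BN_set_word(pExp, RSA_F4)                     /* e = 65537 */
        && RSA_generate_key_ex(pRsa, (int)cBits, pExp, NULL /*cb*/))
    {
        pKey = EVP_PKEY_new();
        if (pKey && EVP_PKEY_assign_RSA(pKey, pRsa))
            pRsa = NULL;                                 /* ownership moved into pKey */
        else
        {
            EVP_PKEY_free(pKey);                         /* NULL-safe */
            pKey = NULL;
        }
    }
    RSA_free(pRsa);                                      /* NULL-safe */
    BN_free(pExp);                                       /* NULL-safe */
    return pKey;
#endif
}


/**
 * Sets the validity window of @a pCert to [now, now + @a cSeconds].
 *
 * @returns 1 on success, 0 on failure (OpenSSL convention).
 * @param   pCert       The certificate to update.
 * @param   cSeconds    Lifetime in seconds.
 */
static int rtCrX509SetValidity(X509 *pCert, long cSeconds)
{
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
    return X509_gmtime_adj(X509_getm_notBefore(pCert), 0) != NULL
        && X509_gmtime_adj(X509_getm_notAfter(pCert), cSeconds) != NULL;
#else
    return X509_gmtime_adj(X509_get_notBefore(pCert), 0) != NULL
        && X509_gmtime_adj(X509_get_notAfter(pCert), cSeconds) != NULL;
#endif
}


/**
 * Creates @a pszPath with mode 0600 and wraps it in a write BIO for the
 * PEM_write_bio_* functions.
 *
 * On failure nothing is left open; on success the caller releases everything
 * with rtCrX509CloseOutputBio().
 *
 * @returns IPRT status code.
 * @param   pszPath     File to create.
 * @param   phFile      Where to return the IPRT file handle.
 * @param   pfd         Where to return the descriptor handed to the BIO.  On
 *                      Windows this is a CRT descriptor that now owns the
 *                      native handle; elsewhere it is the native handle itself.
 * @param   ppBio       Where to return the BIO.
 */
static int rtCrX509OpenOutputBio(const char *pszPath, PRTFILE phFile, int *pfd, BIO **ppBio)
{
    *phFile = NIL_RTFILE;
    *pfd    = -1;
    *ppBio  = NULL;

    /* NOTE(review): RTFILE_O_CREATE is understood to refuse an already existing
       file, so an existing key is never silently overwritten - confirm this is
       what the caller expects. */
    int rc = RTFileOpen(phFile, pszPath,
                        RTFILE_O_WRITE | RTFILE_O_DENY_ALL | RTFILE_O_CREATE | (0600 << RTFILE_O_CREATE_MODE_SHIFT));
    if (RT_FAILURE(rc))
        return rc;

#ifndef _MSC_VER
    int fd = (int)RTFileToNative(*phFile);
#else
    /* Ownership of the native handle moves to the CRT descriptor; see _open_osfhandle docs. */
    int fd = _open_osfhandle(RTFileToNative(*phFile), _O_WRONLY);
#endif
    if (fd < 0)
    {
        RTFileClose(*phFile);
        *phFile = NIL_RTFILE;
        return VERR_FILE_IO_ERROR;
    }

    BIO *pBio = BIO_new_fd(fd, BIO_NOCLOSE);
    if (!pBio)
    {
#ifdef _MSC_VER
        _close(fd);                 /* also closes the native handle (owned by the descriptor now) */
#else
        RTFileClose(*phFile);
#endif
        *phFile = NIL_RTFILE;
        return VERR_NO_MEMORY;
    }

    *pfd   = fd;
    *ppBio = pBio;
    return VINF_SUCCESS;
}


/**
 * Releases what rtCrX509OpenOutputBio() handed out.  All arguments may be in
 * their "not opened" state (NULL / -1 / NIL_RTFILE).
 *
 * @param   pBio    The BIO (BIO_NOCLOSE, so freeing it leaves the file alone).
 * @param   fd      The descriptor returned by rtCrX509OpenOutputBio().
 * @param   hFile   The IPRT file handle.
 */
static void rtCrX509CloseOutputBio(BIO *pBio, int fd, RTFILE hFile)
{
    if (pBio)
        BIO_free(pBio);
#ifdef _MSC_VER
    /* _open_osfhandle() transferred the native handle to the CRT descriptor, so
       _close() closes both and RTFileClose() must not be called on top of it
       (that would be a double close / handle-reuse hazard).
       NOTE(review): assumes RTFILE holds no state besides the native handle on
       Windows - confirm against RTFileClose(). */
    if (fd >= 0)
        _close(fd);
    else if (hFile != NIL_RTFILE)
        RTFileClose(hFile);
#else
    RT_NOREF(fd);                   /* fd *is* the native handle; RTFileClose() releases it */
    if (hFile != NIL_RTFILE)
        RTFileClose(hFile);
#endif
}


/**
 * Generates a self-signed X.509 v1 certificate with a fresh 2048-bit RSA key
 * and writes both as PEM files.
 *
 * Security notes:
 *  - The private key is written unencrypted; its only protection is the 0600
 *    file mode, so the caller must place it in a suitably protected directory.
 *  - The certificate has an empty subject and issuer, serial number 1, no
 *    extensions (v1) and therefore no SAN.  A peer that validates host names
 *    will refuse it; it only works for peers that trust/pin this exact file -
 *    presumably how the TLS consumer of bugref:10310 uses it (confirm against
 *    the caller).
 *  - The certificate is signed with SHA-256.  SHA-1 signatures are rejected
 *    by current TLS stacks and browsers.
 *
 * @returns IPRT status code.
 * @retval  VINF_SUCCESS on success.
 * @retval  VERR_CR_KEY_GEN_FAILED_RSA if key generation failed.
 * @retval  VERR_CR_X509_GENERIC_ERROR if building or signing the certificate failed.
 * @retval  VERR_FILE_IO_ERROR if a PEM object could not be written.
 * @param   pszServerCertificate    Path of the certificate PEM file to create.
 * @param   pszServerPrivateKey     Path of the private key PEM file to create.
 *
 * @note    Both output files must not exist yet (see rtCrX509OpenOutputBio()).
 *          On failure a partially written file may be left behind; the caller
 *          is responsible for cleaning it up.
 */
RTDECL(int) RTCrX509Certificate_Generate(const char *pszServerCertificate, const char *pszServerPrivateKey)
{
    /* Everything is declared up front so the single cleanup path can release it. */
    int       rc    = VINF_SUCCESS;
    EVP_PKEY *pKey  = NULL;
    X509     *pCert = NULL;
    BIO      *pBio  = NULL;
    int       fd    = -1;
    RTFILE    hFile = NIL_RTFILE;

    /*
     * Key pair.
     */
    pKey = rtCrX509GenerateRsaKey(2048);
    if (!pKey)
        return VERR_CR_KEY_GEN_FAILED_RSA;

    /*
     * Certificate body.  OpenSSL returns 1 on success and 0 on failure for
     * these, so the results must not be tested with RT_FAILURE() (which only
     * catches negative values and would silently accept a 0 failure).
     */
    pCert = X509_new();
    if (!pCert)
    {
        rc = VERR_CR_X509_GENERIC_ERROR;
        goto cleanup;
    }
    if (   !X509_set_version(pCert, 0)                                       /* X.509 v1: no extensions */
        || !ASN1_INTEGER_set(X509_get_serialNumber(pCert), 1)
        || !rtCrX509SetValidity(pCert, 60 * 60 * 24 * 3650)                  /* ~10 years */
        || !X509_set_pubkey(pCert, pKey)
        || !X509_set_issuer_name(pCert, X509_get_subject_name(pCert)))       /* self-issued: issuer == (empty) subject */
    {
        rc = VERR_CR_X509_GENERIC_ERROR;
        goto cleanup;
    }

    /* X509_sign() returns the signature size, 0 on failure. */
    if (!X509_sign(pCert, pKey, EVP_sha256()))
    {
        rc = VERR_CR_X509_GENERIC_ERROR;
        goto cleanup;
    }

    /*
     * Private key (unencrypted PEM, file mode 0600).
     */
    rc = rtCrX509OpenOutputBio(pszServerPrivateKey, &hFile, &fd, &pBio);
    if (RT_FAILURE(rc))
        goto cleanup;
    if (!PEM_write_bio_PrivateKey(pBio, pKey, NULL /*enc*/, NULL /*kstr*/, 0 /*klen*/, NULL /*cb*/, NULL /*u*/))
        rc = VERR_FILE_IO_ERROR;
    rtCrX509CloseOutputBio(pBio, fd, hFile);
    pBio  = NULL;
    fd    = -1;
    hFile = NIL_RTFILE;
    if (RT_FAILURE(rc))
        goto cleanup;

    /*
     * Certificate.
     */
    rc = rtCrX509OpenOutputBio(pszServerCertificate, &hFile, &fd, &pBio);
    if (RT_FAILURE(rc))
        goto cleanup;
    if (!PEM_write_bio_X509(pBio, pCert))
        rc = VERR_FILE_IO_ERROR;
    /* falls through to cleanup, which closes the file */

cleanup:
    rtCrX509CloseOutputBio(pBio, fd, hFile);
    X509_free(pCert);                                    /* NULL-safe */
    EVP_PKEY_free(pKey);                                 /* NULL-safe */
    return rc;
}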
166
167#endif /* IPRT_WITH_OPENSSL */